Schneier on Security
A blog covering security and security technology.
« Comparing the Security of Electronic Slot Machines and Electronic Voting Machines |
| Securing Cyberspace for the 44th Presidency »
December 24, 2008
U.S. COMSEC History from 1973
Just declassified, this document -- A History of U.S. Communications Security (Volumes I and II); the David G. Boak Lectures, National Security Agency (NSA), 1973 -- is definitely worth reading. The first sections are highly redacted, but the remainder is fascinating.
Posted on December 24, 2008 at 11:03 AM
• 16 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Nothing says merry christmas like a declassified redacted NSA document.
ahhhh can you feel the love?
the coolest thing i found skimming it was a sidenote about the H meaning "ancillary" and the Y meaning "speech encryption" in HY-2. i've long wondered how the NSA assigns those weird acronyms. i wish there were a list available so i could look at a device designator and have a general idea what it does.
You wonder what the point is of some of those redactions. On page 93, (the page with "97" at the bottom), the phrases "iron curtain", "embassies" and "State Department" seem pretty obvious.
"... shortage of cables ... was never solved" (pages 143-144) Unbelievable!
Impressed that NSA was working on video stream encryption in the 1970s!
And it's interesting to see the messy and non-theoretical aspects of security discussed. Specifically, the stories of how they had to make equipment customers wanted to use -- tiny, lightweight stream-cipher equipment for the Air Force, for instance. Also, the technical and bureaucratic history of how TEMPEST was discovered, forgotten, rediscovered, and finally addressed -- and how such a messy physical problem ended up becoming a more important threat to security than the theoretical problem that cryptographers spent so much time on.
Also interesting that:
- the author thinks "potential security losses [of unclassified cryptography] may well be off-set by what a motivated commercial world and interested Academe might offer to the Government for its own use"
- the author says NSA was not breaking DES back then -- ages ago! -- but allowed that they might be able to someday
- NSA "still [saw] no solution to DES short of a brute force exhaustion of all its 2**56 variables" (of course, academics much later discovered faster-than-brute-force solutions using differential and linear cryptanalysis)
- the author didn't think public-key cryptography was the wave of the future, and didn't think computer cryptography was "there yet" (which, back then, was probably right)
Ho ho ho!
What's most fascinating to me is the repeated commentary on the economics of communications security versus other assets, under the SUPRISE heading, and particularly on page 111 where a senior Air Force officer is said to express a willingness to exchange aircraft for anti-jamming measures. Given that he was facing circumstances where jamming could cost him both aircraft and men, he seems to have had his priorities straight.
From the position of historical interest, I'm a little disappointed that some of the "Vietnam failures" seem to have been redacted, but they may be implied in the set of operating assumptions about the capabilities of the VC.
"One of my irreverent friends, knowing where I work, insists on referring to me as "an electronic spy", and popular paperback literature is full of lurid stories about code-breakers and thieves in the night careening to Budapest on the Orient Express with stolen ciphers tattooed somewhere unmentionable. What is the actual situation? [ redacted ] "
So here I am reading the document linked in this story when I get to page 85 about tempest. I encounter the phrases "He sauntered past a kind of carport jutting out..." and "a carefully concealed dipole antenna, horizontally polarized." And I thought...I've heard these exact words somewhere else before. Where would I have encountered this exact wording from a document which has been declassified just in the past few days? I dumped the phrase into google and sure enough:
Here it is in this document about tempest which was declassified 9-27-2007. It contains a lot more about the story in Japan and tempest etc.
And I notice that this document contains what is certainly the redacted paragraph in the other document between the paragraph about the discovery of the antenna and the one that begins "Why, way back in 1954, when the Soviets published a rather comprehensive set of standards..."
This paragraph is about how 40 microphones were found in the US embassy in Moscow and talks about a "large metal grid buried in the cement of the ceiling over the Department of State communications area" and that it had a wire leading off somewhere. Apparently such things were being found as far back as 1953 and the US did not know what their purpose was.
The next paragraph puts the above into context when it says that in 1954 "the Soviets published a rather comprehensive set of standards for the suppression of radio frequency interference". So the previous paragraph reveals some details about what kinds of devices were found but the second paragraph goes on to imply that the Soviets may have been listening in on our unencrypted electronic communications for at least 10 years before the US figured out that it was possible to do so and took action.
It's funny how something which would seem so obvious to us now in hindsight baffled the NSA for at least 10 years. It is also funny that it is possible to reconstruct redacted materials from declassified documents using Google due to the use of cut and paste from a document written back in 1973.
my theory is that they really say "great wall", "spy stations" and "Zargon bases".. The similarity in spacing is just a cover up.
Seriously though, there seems enough accuracy in the scan to allow you to verify these guesses by copying words/characters from elsewhere and seeing if your guess fits. Has anybody started on that? Shouldn't they be treating the character spacing as classified if the material is classified?
Problem: character spacing reveals redacted text.
Solution: r an d o mi z e ch a r a c te r spa c i n g?
js: a better approach would be to replace all redacted sections with "[redacted]" regardless of length. On the other hand, this is still better than some British documents which were released as "redacted" PDFs having had black rectangles drawn over the restricted sections - rectangles which could simply be deleted from the PDF to reveal the original text underneath. Whoops. (It's been a while, but I seem to recall the redacted text included informant names in a criminal investigation in that particular case.)
Redacting the references to the State Dept and Department of the Navy also seemed strange, presumably because procedurally declassifying those departments' involvement would have to be done by those departments themselves?
I remember being very impressed by live demonstrations of TEMPEST (against a laptop screen, rather than the more obvious candidate of a CRT) and 'optical TEMPEST' some years ago. It's surprising to see how wide the gap appears to have been between the US and USSR at that point, though, even bearing in mind other clever tricks like the passive microphone bug.
The oddest thing here to me, though, is that the talk of DES doesn't seem to fit with other timelines regarding differential crypto and the S-box selections.
A few things to keep in mind as you read that document: (1) most (all?) of the unredacted paragraphs were classified only secret or confidential, which means there is a lot of higher classification stuff (TS, SCI) that NSA was doing that we're not hearing about in that doc; (2) NSA is a very compartmentalized place, so the author may not have known everything they were doing or able to do; and (3) these notes seem to be from a lecture series for lectures to new employees. It stands to reason that you don't want to tell your new employees *everything*.
So I tend to take with a grain of salt a certain amount of what the document says about NSA capabilities, e.g., regarding DES breaking. In fact, it's probably good if most of your employees don't accurately understand your capabilities, or better yet, have an under-appreciation for them.
But then, there's a reason my name is Tin Foil Hat! :-)
The first few pages (Starting with Page 5 of the PDF/Original 3 in the document) appear to have "SECRET NOPORN" written on the top left corner - does this mean something specific (several amusing interpretations came to mind...) ?
SECRET is "SECRET" meaning the handler/reader of the item being marked SECRET must possess a U.S. DoD clearance of at least SECRET. NOFORN is an additional designation that restricts distribution of said classified item to those who are NOT foreigners (e.g., non U.S. Citizens). There may be additional restrictions (e.g., COMSEC and CRYPTO) which further restrict distribution. They're just designations; they're not clearance levels.
Anyone tried the new G-Office app "Google 'Dacts"(beta) intra-document redaction-retraction web-search algorithmic widget? Sure will be a help to historians someday... Cut & paste is more fun, though. Sorta like those frag-phrase 'fridge magnets - could inspire a wave of 'declassified%.gov poetry slams,' no?
On page 157 of the PDF, the author makes reference to a hidden message that he has added to the document itself, supposedly describing how some imperfectly incinerated documents were dealt with.
He provides some information on how he his this story, and challenges the reader to solve it. Has anyone here done so?
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.